receiveTokenOrETH() does not check the useless msg.value, which may cause the loss of funds #284
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-355
satisfactory
Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/LineLib.sol#L68
Vulnerability details
Impact
LineLib#receiveTokenOrETH() does not check the useless msg.value, which may cause the loss of funds
Proof of Concept
When token != Denominations.ETH, msg.value is not used, but there is no detection of msg.value==0, so if it is transferred by mistake, the funds will be lost.
Tools Used
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: